@Matt The reason that I want to not use external redirect pages is 1) Right-click copying will return the redirect link (instead of the actual one). 2) An external page is involved, which reduces the speed of browsing. See this userscript.
–
Rob WJan 17 '12 at 10:55

does the <a rel='nofollow'> serve the purpose? It effectively stops search engines from giving undue importance to user generated links such as those on forums (which people put in their signs)
–
GolmaalJan 17 '12 at 11:09

I think there is a better idea to break google's code's code which replaces plain links with their spyredirector
–
OnTheFlyJan 17 '12 at 11:13

* rel=noreferrer is supported in Firefox since 33, but support was limited to in-page links. Referrers were still sent when the user opened the tab via the context menu. This bug was fixed in Firefox 37 [bug 1031264].

Referrer hiding for old Firefox versions

Firefox did not support rel="noreferrer" until version 33 `[bug 530396] (or 37, if you wish to hide the referrer for context menus as well).

A data-URI + <meta http-equiv=refresh> can be used to hide the referrer in Firefox (and IE). Implementing this feature is more complicated, but also requires two events:

click - On click, on middle-click, Enter

contextmenu - On right-click, TabTab ... Contextmenu

In Firefox, the click event is fired for each mouseupand hitting Enter on a link (or form control). The contextmenu event is required, because the click event fires too late for this case.

Based on data-URIs and split-second time-outs:
When the click event is triggered, the href attribute is temporarily replaced with a data-URI. The event finished, and the default behaviour occurs: Opening the data-URI, dependent on the target attribute and SHIFT/CTRL modifiers.
Meanwhile, the href attribute is restored to its original state.

When the contextmenu event is triggered, the link also changes for a split second.

Combining both methods

Unfortunately, there is no straightforward way to feature-detect this feature (let alone account for bugs). So you can either select the relevant code based on navigator.userAgent (i.e. UA-sniffing), or use one of the convoluted detection methods from How can I detect rel="noreferrer" support?.

If you wrap an iframe around every link, the iframe can act as an external de-refer. The user would click on the link inside the frame, opening a page whose referrer is set to the iFrame's location, instead of the actual page.

I have just read your answer again. That's a nice idea. Can you elaborate your thoughts on setting a different URL of the iFrame, without using external pages? What about positioning the iFrame?
–
Rob WJan 25 '12 at 16:26

2

I have awarded the bounty to your answer, because it contained a potentially useful concept, after tweaking. This method has some shortcomings/issues though. The main issue is the positioning and location of the frame. Using the tab key to navigate between links becomes more complicated as well. Finally, the performance hit/smoothness of dynamically adding frames over all anchors is also a subject of concern.
–
Rob WJan 27 '12 at 14:04

There is a cross browser solution in Javascript that removes the referrer, it uses Iframes created dynamically, you can take a look to a proof of concept ( disclaimer: it uses a little JS library I wrote ).

Thanks for posting the implementation of the method described in this answer. It does not work in Opera (tested 11.62, 12.00b, 12.02) though. On the other hand, it does work in Safari 3+, Chrome 1+, Firefox 1+ and IE6, 7 and 8. It does not work in Internet Explorer 9 and 10. So, in practice, it's only useful in Chrome, Safari and Firefox.
–
Rob WOct 5 '12 at 13:02

Although Chrome and Firefox have already implemented a draft version of the Referrer Policy, you should be careful with it because for example Chrome expects no-referrer instead of none (and I have also seen never somewhere). I don't know the behaviour if you just add three separate meta tags, but in case that does not work you could still just implement a short script which iterates over all three values and checks if the value was really set after setting the attribute/property of the meta tag.

This meta tag applies to all requests on the current page (ajax, images, scripts, other resources...) and navigation to another page.

Looked promising, originally. However, it's no more different than my own method (currently using data-urls+meta, rel="noreferrer"), except for the disabling of the middle-mouse method, which is not desired. I usually click through links using the scrollwheel.
–
Rob WJan 17 '12 at 11:28

Just digged through your linked resources. It seems not to be possible to implement a refferer-hiding feature without any side effects. If no-one else posts an alternative ,the bounty is yours.
–
Rob WJan 21 '12 at 10:11

Thanks for the answer. Unfortunately, the blog only mentions the options. Besides, literally every possible solution in the blog post is already covered here: rel="noreferrer", noreferrer on Github and iframe routing. The "Compromise usability" solution relies on creating an ugly redirect URL - exactly what I wanted to avoid.
–
Rob WAug 26 '12 at 14:32